Researcher says Microsoft Edge has inherited many of Internet Explorer’s security holes

Microsoft Edge is filled with many Internet Explorer’s security holes says researcher

Microsoft presented Edge as its latest hack proof and secure browser with Windows 10. It was supposed to take on Google’s Chrome and Mozilla’s Firefox as the most secure browser of them all. This has not happened yet and Infoworld journalist and researcher, Woody Leonhard says that Microsoft Edge has inherited many of old Internet Explorer security holes.

Back in May, Microsoft Edge senior program manager Crispin Cowan made some bold predictions in the blog post Microsoft Edge: Building a safer browser. In the blog, Cowan assured us that:

With Microsoft Edge, we want to fundamentally improve security over existing browsers and enable users to confidently experience the web from Windows. We have designed Microsoft Edge to defend users from increasingly sophisticated and prevalent attacks.

The article goes on at length to describe how Edge will be better than the bad, old IE, “including industry-leading sandboxing, compiler, and memory management techniques developed in close partnership with Windows.”

Leonhard argues that nothing of that sort happened. In fact, he says that with edge we were promised that Edge will do a better job defending against malicious websites and fake sites; will bid farewell to ActiveX, VB Script, Toolbars, BHOs and VMLs; and will have secure extensions, app container sandboxing, MemGC garbage collection to protect against user-after-free attacks, Visual Studio’s Control Flow Guard, and many other advanced technologies.

Leohard writes that Patch Tuesday released by Microsoft yesterday and last month confirms his belief that Edge is carrying forward the IE vulnerabilities.

“The reason for my skepticism: Common Vulnerabilities and Exposures (CVEs). Each CVE entry is supposed to identify a unique security hole. The overlap between Internet Explorer CVEs and Edge CVEs shows that many security problems in IE have been inherited by Edge.”

In yesterdays Patch Tuesday, Microsoft claims to have plugged 15 CVE holes.

Leonhard says that, “I took a look at the official CVE list for Edge and compared it with the similar list for Internet Explorer. There are 14 identified CVEs for Microsoft Edge. Of those, 13 are also identified security holes for Internet Explorer.”

He rounds up with his article stating that Edge seems to improve on certain areas but is far from being the most secure browser of them all.

Read More

Suggested Post